-
-
reviewboard/accounts/backends.py (Diff revision 1) I'm a little bit concerned that this isn't implemented for all the auth backends. Maybe we can put it in a mixin?
-
reviewboard/accounts/backends.py (Diff revision 1) I think if
not isinstance(obj, LocalSite), we should return the parent class' implementation (get_all_permissions(user)) rather than asserting.
Add support for permissions specific to Local Sites.
Review Request #4880 — Created Nov. 3, 2013 and submitted
Add support for permissions specific to Local Sites.
Local Sites had no equivalent of our custom permissions, like
can_change_status or can_submit_as_another_user. It also didn't grant
these abilities to administrators of Local Sites.Now, a LocalSiteProfile defines a permissions dictionary, which contains
all granted permissions for the user. Local Site administrators
automatically have all permissions for a Local Site.To do this, we make use of an AuthBackend's ability to do custom
permission lookups. The main function for this, has_perm, can take a
parameter for the object permissions are being looked up on.This parameter is unused by defaut and in fact not allowed on any
built-in backends. Django doesn't make any real use of it. The intent
appears to be to pass an object like a ReviewRequest to it, but there's
no real rules governing this.For our usage, passing a LocalSite as the object will have it look up
that permission in the user's list of permissions for the LocalSite. All
callers must then do when checking permissions is to pass the LocalSite
(or None) when calling has_perm.The 'perms' context variable for templates has also been replaced with a
version that will pass the LocalSite for these requests.
Unit tests pass.
Manually tested closing a review request and editing one as a user with
those permissions, and as an administrator.
| Description | From | Last Updated |
|---|---|---|
|
The commas in these two lines are unnecessary. |
 david
|
|
|
I'm a little bit concerned that this isn't implemented for all the auth backends. Maybe we can put it in … |
david
|
|
|
I think if not isinstance(obj, LocalSite), we should return the parent class' implementation (get_all_permissions(user)) rather than asserting. |
david
|
Change Summary:
- Added a docstring for StandardAuthBackend that explains how it deals with permissions and how it will always be a factor in all auth scenarios.
- Changed the assertions to always log and to raise exceptions on DEBUG installs.
-
Just one trivial comment.
-
reviewboard/accounts/backends.py (Diff revisions 1 - 2) The commas in these two lines are unnecessary.